Login or request a free trial

Customer owned bank breach reporting 'not up to scratch'

Financial institutions reporting no or a low number of breaches of their code compliance obligations might look like good news, but that is not how the Customer Owned Banking Code Compliance Committee sees it.

The COBCCC released its latest annual data report yesterday, saying “too many subscribers reported either no breaches or a low number of breaches of the Customer Owned Banking Code of Practice”. 

It said that was a “concerning trend” that has been going on for several years.

“The COBCCC considers zero breaches to be highly unlikely and questions the adequacy and effectiveness of the monitoring and reporting systems and capabilities of customer owned banking institutions that continually report no breaches,” it said.

“We consider this as an indication that an institution’s monitoring and reporting systems and capabilities are not up to scratch. Insufficient monitoring and reporting capabilities might suggest poor practices and governance. It reveals an institution yet to embrace a culture of compliance.”

It said some of the problems were caused by the introduction of a new code, which came into effect last October, but inadequate staffing and resourcing was also an issue.

It said staff in some institutions equated breaches with complaints and assumed that if there were no complaints there were no breaches.

“Customer complaints and breaches are not always linked. Sometimes a customer complaint does not constitute a breach and sometimes breaches do not stem from a complaint,” it said.

It also said some staff believed that if a complaint is resolved to the customer’s satisfaction, no breach has occurred.

Among the code’s 55 subscribers, 13 reported no breaches in the 2021/22 financial year.

The number of breaches increased by 13 per cent to 2544, with 731,000 customers affected. The number of customer complaints rose 24 per cent to 36,689.

The main areas of concern were privacy, interest rates and fees, and information about products.

Breaches had a financial impact of A$33.7 million. One breach, which affected 126 customers, accounted for $28.9 million of the total impact.

Four breaches posed a serious risk to business operations and required urgent management attention.

The committee said too many subscribers failed to report breaches under the appropriate provisions of the code, relying instead on a general “key promises” provision.

“We expect to see subscribers using specific code provisions when reporting breaches. This helps identify the cause of the breach and helps subscribers address the issue and undertake effective remediation,” the COBCCC said.

It also said there was a lack of detail about remedial action in breach reports. Around 75 per cent of breaches did not specify long-term remedial action.

“Subscribers still treat breaches in the same way as complaints. The common approach is to provide a quick fix to each incident when it occurs, rather than making the effort to identify and address the root causes of the breaches.”

The committee called on subscribers to fully implement the 2022 code, which has new obligations covering small business lending and dealing with vulnerable customers.

I'm a returning subscriber

Password reset
Login

Request a free trial

  • Emailing you the news at 7am.
  • Covering core lending and funding issues, strategy, payments, regulation, risk management, IT, marketing and more.
  • Original news and summaries of major stories from other media – ditch your newspaper subscriptions.
  • Focused on banking and finance, saving you the time spent wading through newspapers and other services.
  • With reporting from former editors and senior writers from the AFR and The Australian.
  • Configured for your phone, laptop and PC.
Free trial Banking Day